Today, corporate information security (hereafter, information security) has become one of the most pressing issues in the world. Many countries have tightened the requirements for organisations that store and process personal data, which is hardly surprising. At present, Russian law requires a considerable part of document flow to be kept in paper form. At the same time, the trend towards digitisation is pronounced, and many companies already store large amounts of confidential information both in digital form and as paper documents.
Based on this
Today, corporate information security is no longer just a set of technical measures such as anti-virus software and firewalls, but an integrated approach to handling corporate assets in general and information in particular. Companies approach these issues in different ways. Today I want to talk about implementing the international standard ISO 27001 as a solution to these problems. For companies in the Russian market, holding such a certificate simplifies dealings with foreign customers and partners who have high requirements in this area. ISO 27001 is widely used in Western countries; it covers the requirements of the information security domain and also contributes to the development of the business processes that the technical solutions in use are supposed to cover. The standard can therefore become a competitive advantage and a point of contact with foreign companies.
This certification of an Information Security Management System (hereafter, ISMS) collects the best practices for designing an ISMS and, importantly, applies not only to how the system functions and to the requirements for technical security support, but even to the company's internal HR management processes. After all, one has to understand that technical obstacles are only part of the problem. In information security the human factor plays a large role, and it is far harder to eliminate or minimise.
If your company is seeking ISO 27001 certification, you may already be looking for an easy way to do it. I have to disappoint you: there is no easy way. There are, however, specific steps that help bring an organisation into line with international information security requirements.
1. Obtain support from management
This may seem obvious, but in practice this point is often overlooked. Moreover, it is one of the main reasons ISO 27001 implementation projects fail. If management does not understand the importance of the project to implement the standard, it will not be able to provide sufficient people or budget for certification.
2. Draw up a certification preparation plan
Preparing for ISO 27001 certification is a complex undertaking involving many different kinds of work; it requires the involvement of many people and can take months (in some cases years). It is therefore very important to draw up a detailed project plan: assign resources, time and people's involvement to strictly defined tasks, and monitor compliance with deadlines. Otherwise, you may never finish the job.
3. Define the certification boundaries
For a large organisation with diversified activities, it may make sense to certify only part of the company's business to ISO 27001. This greatly reduces the project's risk and substantially cuts its time and cost.
4. Develop the information security policy
One of the most important documents is the company's information security policy. It must reflect the company's information security objectives and the basic principles of information security management that every employee must follow. The purpose of this document is to establish what the company's management wants to achieve in the field of information security, and how it wants to implement and manage it.
5. Define the risk assessment methodology
One of the hardest tasks is defining the rules for assessing and managing risk. It is important to understand which risks the company considers acceptable and which require immediate action to mitigate. Without these rules, the ISMS will not function.
At the same time, it is worth remembering that the measures taken to reduce risk must be adequate. However, do not get too carried away with the optimisation process, because it may demand a great deal of time and money, or simply prove impossible. When developing risk mitigation measures, we recommend applying the principle of "minimal sufficiency".
6. Manage risks according to the approved methodology
The next stage is the consistent application of the risk management methodology, that is, assessment and treatment. This process must be carried out regularly and with great care. Keeping the information security risk register up to date lets the company allocate its resources effectively and prevent serious incidents.
7. Plan the risk treatment
Risks that exceed the level acceptable to the company must be included in the risk treatment plan. The actions intended to reduce each risk, the person responsible for them and the deadlines must be recorded.
8. Complete the Statement of Applicability
This is an important document that the certification body's experts will examine during the audit. It must explain which information security controls apply to the company's activities.
9. Decide how the effectiveness of information security controls will be measured
Every action must produce a result that leads to the achievement of the stated goals. It is therefore important to define clearly, both for the information security management system as a whole and for each control selected in the Statement of Applicability, which parameters will be used to measure achievement of the objectives.
10. Implement the information security controls
Only after all the preceding steps have been completed should you begin implementing the applicable information security controls listed in the "applicability annex". The biggest challenge here, of course, is introducing entirely new ways of working into many of the organisation's processes. People tend to resist new policies and procedures, so pay attention to the next point.
11. Run a training programme for employees
All of the above points are meaningless unless employees understand the importance of the project and act in accordance with the information security policy. If you want employees to comply with all the new rules, you must first explain to them why the rules are needed, then provide training on the ISMS and highlight all the important policies they need to take into account in their daily work. A common reason ISO 27001 projects fail is a lack of staff training.
12. Maintain the ISMS processes
At this point, ISO 27001 becomes routine within the organisation. To confirm that information security controls are being operated in accordance with the standard, the auditors must be provided with records that serve as evidence of the controls' actual operation. Above all, however, the records must help track whether employees (and suppliers) are carrying out their work according to the approved rules.
13. Monitor the ISMS
What is happening in the ISMS? How many incidents have there been, and of what kind? Are all procedures being performed properly? These questions are used to check whether the company is achieving its information security objectives. If it is not, a plan to correct the situation must be drawn up.
14. Conduct an internal audit of the ISMS
The purpose of the internal audit is to identify discrepancies between the actual processes inside the company and the approved information security policy. In most cases this means checking how well employees comply with the rules. This is a very important point, because if the work of staff is not controlled, the organisation may suffer damage (intentional or unintentional). However, the goal here is not to find culprits and punish policy violations, but to correct the situation and prevent future problems.
15. Organise the management review
Managers do not need to configure firewalls, but they do need to know what is happening in the ISMS: for example, whether everyone is fulfilling their responsibilities and whether the ISMS is achieving the intended results. On this basis, management must make the key decisions to improve the ISMS and the company's business processes.
16. Introduce a system of corrective and preventive actions
Like other standards, ISO 27001 requires "continual improvement", that is, the systematic correction and prevention of nonconformities in the information security management system. Corrective and preventive actions make it possible to fix nonconformities and prevent their recurrence in the future.
In conclusion, I would like to say that in practice obtaining certification is far more difficult than the various sources describe. This is because in Russia today,
ISMS certification is not an easy job, but the very fact of meeting the requirements of the international standard ISO/IEC 27001 can give a significant competitive advantage in the global market. We hope our article gives you an initial understanding of the key stages a company goes through in preparing for certification.
Source: habr.com